Applies to:

Oracle Access Manager - Version 11.1.1.5.0 and laterInformation in this document applies to any platform.

Symptoms

A new OVD Authenticator Provider has been configured in the OAM domain WebLogic Security Realm.

The control flag for the OVD provider has been set to SUFFICIENT and the provider has been moved to the top of the providers list, above the DefaultAuthenticator provider.

OVD users are displayed in the WebLogic Security Realm Users and Groups tab, showing that the OVD authentication provider is working.

OAM System Identity Store is still configured to use WebLogic Server (WLS) Embedded LDAP and the OAM Administrator (weblogic) user does not exist in OVD, it only exists in WLS embedded LDAP.

Now when the OAM Managed Server is down it is not possible to login to OAM Console using the "fallback" native OAM Console login page. Login fails with error "An incorrect Username or Password was specified" or the login page is simply re-displayed.

When login fails the following error is written to the AdminServer-diagnostic.log:

The problem does not occur if any of the following apply: + If the OVD Authenticator provider control flag is changed from SUFFICIENT to OPTIONAL+ If the OVD Authenticator provider is moved lower in the WLS providers list than DefaultAuthenticator+ If the OAM Managed Server is running and OAM SSO is used to login to OAM Console instead of the fallback application login page